✨ Customizable allowed origins

apps/viewer/src/features/chat/api/continueChat.ts

@@ -28,7 +28,7 @@ export const continueChat = publicProcedure
     })
   )
   .output(continueChatResponseSchema)
-  .mutation(async ({ input: { sessionId, message } }) => {
+  .mutation(async ({ input: { sessionId, message }, ctx: { res, origin } }) => {
     const session = await getSession(sessionId)
 
     if (!session) {
@@ -49,6 +49,15 @@ export const continueChat = publicProcedure
         message: 'Session expired. You need to start a new session.',
       })
 
+    if (
+      session?.state.allowedOrigins &&
+      session.state.allowedOrigins.length > 0
+    ) {
+      if (origin && session.state.allowedOrigins.includes(origin))
+        res.setHeader('Access-Control-Allow-Origin', origin)
+      else res.removeHeader('Access-Control-Allow-Origin')
+    }
+
     const {
       messages,
       input,

apps/viewer/src/features/chat/api/startChat.ts

@@ -28,6 +28,7 @@ export const startChat = publicProcedure
         prefilledVariables,
         resultId: startResultId,
       },
+      ctx: { origin, res },
     }) => {
       const {
         typebot,
@@ -52,6 +53,15 @@ export const startChat = publicProcedure
         message,
       })
 
+      if (
+        newSessionState.allowedOrigins &&
+        newSessionState.allowedOrigins.length > 0
+      ) {
+        if (origin && newSessionState.allowedOrigins.includes(origin))
+          res.setHeader('Access-Control-Allow-Origin', origin)
+        else res.removeHeader('Access-Control-Allow-Origin')
+      }
+
       const session = isOnlyRegistering
         ? await restartSession({
             state: newSessionState,

apps/viewer/src/helpers/server/context.ts

@@ -11,6 +11,8 @@ export async function createContext(opts: trpcNext.CreateNextContextOptions) {
 
   return {
     user,
+    origin: opts.req.headers.origin,
+    res: opts.res,
   }
 }